talk from the Strata Summit on the business of illegal data grabbed me because I just finished watching the entire series of The Sopranos from start to finish last week. But even if you don't have a penchant for mob shows, Goodman's talk is worth the time to watch.Maybe Marc Goodman's
As we wax on about the wonders of big data, Goodman reminds us "the more data you produce, the more criminals are happy to receive what you produce."
Much of that, he says, is stolen by organized crime. Goodman says 85% of data stolen is stolen by organized crime.
The criminal underground, says Goodman, has already figured out systems to take advantage of data. Whether that's data with obvious value like credit card information, or not so obvious. Goodman says that "social data is great for criminal underground." How do they get it? Two main ways, one is malware. The other? Social engineering.
Business of Stolen Data
You know how prices for legitimate data services tend to normalize? Amazon and Rackspace, for example, price their cloud storage offerings pretty similarly. Well, Goodman says that stolen data has fairly standard pricing as well. In the market for stolen data, $10 will get you a stolen credit card with a $25,000 limit. For $700, you can get a bank account with a $82,000 balance.
The "good" news? A big one like the Sony PlayStation breach means that it drives the price down for data. Just like any other market, there's supply and demand – and a big flood of data drives the price down.
The Sony PlayStation Network hack got a great deal of attention, but it turns out that it's not even the biggest breach recently. Heartland Payment Systems was hacked to the tune of 130 million records in January 2009. TJX Companies were breached in 2007 for 94 million. Sony was "only" 77 million accounts. (You have to wonder how many unfortunate folks had their data compromised with Sony, Heartland and TJX.)
Crime as a Service
How do criminals scale? Goodman says "crimeware" is available, and there's a full "illicit data supply chain" that happens across different organized crime groups around the world. Because there's not enough acronyms in the world, Goodman calls this Crime as a Service (CaaS). This includes free demos, service level agreements (SLAs) and discounts for buying in bulk.
Even more impressive, or scary depending on your point of view, is that Goodman says that some CaaS providers offer 800 numbers to support their software.
Terrorist Use of Data
He also talks about terrorist use of data to plan attacks, and says that the 2008 Mumbai attacks were "the most technologically advanced attack planed by a terrorist organization to date." What was different, says Goodman, was that terrorists were mining data in real time during the attack. Goodman's final story will make you think a little more carefully about the information you put online.
Take a few minutes to watch Goodman's talk, it's definitely something to think about.